Sensor fails to install due to removed Root Certificate Authority
search cancel

Sensor fails to install due to removed Root Certificate Authority

book

Article ID: 292125

calendar_today

Updated On:

Products

Carbon Black Cloud Endpoint Standard (formerly Cb Defense) Carbon Black Cloud Enterprise EDR (formerly Cb Threathunter)

Issue/Introduction

  • Sensor fails to install on endpoint
  • Unattended install being performed outside C:\Temp
  • Correct traffic/communications are allowed through any Proxy/Firewall in place
  • No SSL inspection being performed by Proy/Firewall
  • CRL checking disabled at install (CURL_CRL_CHECK=0)
  • Installer/MSI log shows errors registering 
    CA:InstallPreCheck: Register failed. Please make sure your network is connected and provide a correct register code.
CA:InstallPreCheck: Error 0x80004005: Failed to register.
CDeviceRegistration::Register: We couldn't connect to the cloud due to an untrusted connection. The certificate chain was issued by an authority that is not trusted.
  • confer-temp.log file shows certificate error 
    http: schannel: next InitializeSecurityContext failed: SEC_E_UNTRUSTED_ROOT (0x80090325) - The certificate chain was issued by an authority that is not trusted.
  • Go Daddy signing certificates removed from local machine certificate store
  • Error code popup during install 
    We couldn't connect to the cloud due to an untrusted connection. The certificate chain was issued by an authority that is not trusted.

Environment

  • Carbon Black Cloud Sensor: All Versions
  • Microsoft Windows: All Supported Versions

Cause

  • ​​​​​"​Turn off Automatic Root Certificates Update" GPO is set to Enabled

Resolution

  1. Press ⊞Win + R
  2. Type certlm.msc and hit Enter
  3. Go to 'Trusted Root Certification Authorities' > 'Certificates'
  4. Click into the 'Issued To' column and begin typing 'Go Daddy'
  5. There should be two Go Daddy Certs (Go Daddy Class 2 Certification Authority and Go Daddy Root Certificate Authority – G2)
  6. If Go Daddy certs are not in local machine cert store, re-add prior to attempted install 
    Main link: https://ssl-ccp.godaddy.com/repository/?origin=CALLISTO

Certs to install locally:
GoDaddy Certification Authority Root Certificate - G2
gdroot-g2.crt
SHA256: 45140B3247EB9CC8C5B4F0D7B53091F73292089E6E5A63E2749DD3ACA9198EDA
Download link: https://ssl-ccp.godaddy.com/repository/gdroot-g2.crt

GoDaddy Class 2 Certification Authority Root Certificate
gd-class2-root.crt (PEM) https://ssl-ccp.godaddy.com/repository/gdig2.crt.pem
gd-class2-root.cer (DER) https://ssl-ccp.godaddy.com/repository/gdig2.crt
SHA256: C3846BF24B9E93CA64274C0EC67C1ECC5E024FFCACD2D74019350E81FE546AE4

Additional Information

If the problem remains, please open a case with VMware Carbon Black Support.

Powered by Wolken Software